<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Enable Elasticsearch security features | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'get-started-enable-security.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/get-started-enable-security.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/get-started-enable-security.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/get-started-enable-security.html" rel="nofollow" target="_blank">../en/get-started-enable-security.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-link"><a href="security-getting-started.html">Tutorial: Getting started with security</a></span>
»
<span class="breadcrumb-node">Enable Elasticsearch security features</span>
</div>
<div class="navheader">
<span class="prev">
<a href="security-getting-started.html">« Tutorial: Getting started with security</a>
</span>
<span class="next">
<a href="get-started-built-in-users.html">Create passwords for built-in users »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="get-started-enable-security"></a>Enable Elasticsearch security features<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/get-started-security.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>When you use the basic and trial licenses, the Elasticsearch security features are
disabled by default. To enable them:</p>
<div class="olist orderedlist">
<ol class="orderedlist">
<li class="listitem">
Stop Kibana. The method for starting and stopping Kibana varies depending on
how you installed it. For example, if you installed Kibana from an archive
distribution (<code class="literal">.tar.gz</code> or <code class="literal">.zip</code>), stop it by entering <code class="literal">Ctrl-C</code> on the command
line. See <a href="https://www.elastic.co/guide/en/kibana/7.7/start-stop.html" class="ulink" target="_top">Starting and stopping Kibana</a>.
</li>
<li class="listitem">
Stop Elasticsearch. For example, if you installed Elasticsearch from an archive distribution,
enter <code class="literal">Ctrl-C</code> on the command line. See
<a href="stopping-elasticsearch.html" class="ulink" target="_top">Stopping Elasticsearch</a>.
</li>
<li class="listitem">
<p>Add the <code class="literal">xpack.security.enabled</code> setting to the
<code class="literal">ES_PATH_CONF/elasticsearch.yml</code> file.</p>
<div class="tip admon">
<div class="icon"></div>
<div class="admon_content">
<p>The <code class="literal">ES_PATH_CONF</code> environment variable contains the path for the Elasticsearch
configuration files. If you installed Elasticsearch using archive distributions (<code class="literal">zip</code> or
<code class="literal">tar.gz</code>), it defaults to <code class="literal">ES_HOME/config</code>. If you used package distributions
(Debian or RPM), it defaults to <code class="literal">/etc/elasticsearch</code>. For more information, see
<a href="settings.html" class="ulink" target="_top">Configuring Elasticsearch</a>.</p>
</div>
</div>
<p>For example, add the following setting:</p>
<div class="pre_wrapper lang-yaml">
<pre class="programlisting prettyprint lang-yaml">xpack.security.enabled: true</pre>
</div>
<div class="tip admon">
<div class="icon"></div>
<div class="admon_content">
<p>If you have a basic or trial license, the default value for this setting is
<code class="literal">false</code>. If you have a gold or higher license, the default value is <code class="literal">true</code>.
Therefore, it is a good idea to explicitly add this setting to avoid confusion
about whether security features are enabled.</p>
</div>
</div>
</li>
<li class="listitem">
<p>Enable single-node discovery in the <code class="literal">ES_PATH_CONF/elasticsearch.yml</code> file.</p>
<p>This tutorial involves a single node cluster, but if you had multiple
nodes, you would enable Elasticsearch security features on every node in the cluster
and configure Transport Layer Security (TLS) for internode-communication, which
is beyond the scope of this tutorial. By enabling single-node discovery, we are
postponing the configuration of TLS. For example, add the following setting:</p>
<div class="pre_wrapper lang-yaml">
<pre class="programlisting prettyprint lang-yaml">discovery.type: single-node</pre>
</div>
<p>For more information, see
<a href="bootstrap-checks.html#single-node-discovery" class="ulink" target="_top">Single-node discovery</a>.</p>
</li>
</ol>
</div>
<p>When you enable Elasticsearch security features, basic authentication is enabled by
default. To communicate with the cluster, you must specify a username and
password. Unless you <a class="xref" href="anonymous-access.html" title="Enabling anonymous access">enable anonymous access</a>, all requests
that don’t include a user name and password are rejected.</p>
</div>
<div class="navfooter">
<span class="prev">
<a href="security-getting-started.html">« Tutorial: Getting started with security</a>
</span>
<span class="next">
<a href="get-started-built-in-users.html">Create passwords for built-in users »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>